FortiAuthenticator open ports
| Incoming ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiAuthenticator | Load-balancing HA secondary |
UDP/721, UDP/1194 |
| Redundant HA cluster | UDP/720 | |
| FortiClient | SSO Mobility Agent, FSSO | TCP/8001 (by default; this port can be customized) |
| FortiGate | LDAP, PKI Authentication | TCP or UDP/389 |
| RADIUS | UDP/1812 | |
| FSSO | TCP/8000 | |
| RADIUS Accounting | UDP/1813, UDP/1646 | |
| SCEP | TCP/80, TCP/443 | |
| FortiToken Push | Apple Push Notification (APN) service | TCP/5223, TCP/2195, TCP/2196 |
| Others | SSH CLI | TCP/22 |
| Telnet | TCP/23 | |
| HTTP & SCEP | TCP/80 | |
| SNMP Poll | UDP/161 | |
| Web Admin | TCP/80, TCP/443 | |
| LDAP | TCP/389 | |
| LDAPS | TCP/636 | |
| RADIUS | UDP/1812, UDP/1813, UDP1646 | |
| OCSP | TCP/2560 | |
| 3rd-Party Servers | FSSO & Tiers | TCP/8002, TCP/8003 |
| Outgoing ports | ||
|---|---|---|
| Purpose | Protocol/Port | |
| FortiAuthenticator | Load-balancing HA primary | UDP/721, UDP/1194 |
| Redundant HA cluster | UDP/720 | |
| FortiGate | Policy Authentication through Captive Portal | TCP/1000 |
| FortiGuard | AV/IPS Updates | TCP/443 |
| Virus Sample | TCP/25 | |
| SMS, FTM, Licensing, Policy Override Authentication, URL/AS Updates | TCP/443 | |
| Registration | TCP/80 | |
| 3rd-Party Servers | SMTP, Alerts, Virus Sample | TCP/25 |
| DNS | UDP/53 | |
| Windows AD | TCP/88 | |
| NTP | UDP/123 | |
| LDAP | TCP or UDP389 | |
| Domain Control | TCP/445 | |
| LDAPS | TCP/636 | |
| FSSO & Tiers | TCP/8002, TCP/8003 | |
Copyright © 2022 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
